Merge pull request #12748 from anuragkumawat/JAVA-14868

JAVA-14868 Update spring-security-web-sockets module under spring-security-modules to remove usage of deprecated WebSecurityConfigurerAdapter

spring-security-modules/spring-security-web-sockets/src/main/java/com/baeldung/springsecuredsockets/config/SecurityConfig.java

@@ -1,26 +1,28 @@
 package com.baeldung.springsecuredsockets.config;
 
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.ComponentScan;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.access.AccessDeniedHandler;
+import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
+import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
+
 import com.baeldung.springsecuredsockets.security.CustomAccessDeniedHandler;
 import com.baeldung.springsecuredsockets.security.CustomDaoAuthenticationProvider;
 import com.baeldung.springsecuredsockets.security.CustomLoginSuccessHandler;
 import com.baeldung.springsecuredsockets.security.CustomLogoutSuccessHandler;
 import com.baeldung.springsecuredsockets.security.CustomUserDetailsService;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.ComponentScan;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
-import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.builders.WebSecurity;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
-import org.springframework.security.crypto.password.PasswordEncoder;
-import org.springframework.security.web.access.AccessDeniedHandler;
-import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
-import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
 
 /**
  * @EnableGlobalAuthentication annotates:
@@ -36,7 +38,7 @@ import org.springframework.security.web.authentication.logout.LogoutSuccessHandl
 @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
 @EnableWebSecurity
 @ComponentScan("com.baeldung.springsecuredsockets")
-public class SecurityConfig extends WebSecurityConfigurerAdapter {
+public class SecurityConfig {
 
     @Autowired
     private CustomUserDetailsService customUserDetailsService;
@@ -82,54 +84,59 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
      * <p>
      * Matching occurs from top to bottom - so, the topmost match succeeds first.
      */
-    @Override
+    @Bean
-    protected void configure(HttpSecurity http) throws Exception {
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-        http
+        http.authorizeRequests()
-                .authorizeRequests()
+            .antMatchers("/", "/index", "/authenticate")
-                .antMatchers("/", "/index", "/authenticate")
+            .permitAll()
-                .permitAll()
+            .antMatchers("/secured/**/**", "/secured/**/**/**", "/secured/socket", "/secured/success")
-                .antMatchers("/secured/**/**", "/secured/**/**/**", "/secured/socket", "/secured/success")
+            .authenticated()
-                .authenticated()
+            .anyRequest()
-                .anyRequest().authenticated()
+            .authenticated()
-                .and()
+            .and()
-                .formLogin()
+            .formLogin()
-                .loginPage("/login").permitAll()
+            .loginPage("/login")
-                .usernameParameter("username")
+            .permitAll()
-                .passwordParameter("password")
+            .usernameParameter("username")
-                .loginProcessingUrl("/authenticate")
+            .passwordParameter("password")
-                .successHandler(loginSuccessHandler())
+            .loginProcessingUrl("/authenticate")
-                .failureUrl("/denied").permitAll()
+            .successHandler(loginSuccessHandler())
-                .and()
+            .failureUrl("/denied")
-                .logout()
+            .permitAll()
-                .logoutSuccessHandler(logoutSuccessHandler())
+            .and()
-                .and()
+            .logout()
-                /**
+            .logoutSuccessHandler(logoutSuccessHandler())
-                 * Applies to User Roles - not to login failures or unauthenticated access attempts.
+            .and()
-                 */
+            /**
-                .exceptionHandling()
+             * Applies to User Roles - not to login failures or unauthenticated access attempts.
-                .accessDeniedHandler(accessDeniedHandler())
+             */
-                .and()
+            .exceptionHandling()
-                .authenticationProvider(authenticationProvider());
+            .accessDeniedHandler(accessDeniedHandler())
+            .and()
+            .authenticationProvider(authenticationProvider());
 
         /** Disabled for local testing */
-        http
+        http.csrf()
-                .csrf().disable();
+            .disable();
 
         /** This is solely required to support H2 console viewing in Spring MVC with Spring Security */
-        http
+        http.headers()
-                .headers()
+            .frameOptions()
-                .frameOptions()
+            .disable();
-                .disable();
+        return http.build();
     }
 
-    @Override
+    @Bean
-    protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
+    public AuthenticationManager authManager(HttpSecurity http) throws Exception {
-        auth.authenticationProvider(authenticationProvider());
+        return http.getSharedObject(AuthenticationManagerBuilder.class)
+            .authenticationProvider(authenticationProvider())
+            .build();
     }
 
-    @Override
+    @Bean
-    public void configure(WebSecurity web) throws Exception {
+    public WebSecurityCustomizer webSecurityCustomizer() {
-        web.ignoring().antMatchers("/resources/**");
+        return (web) -> web.ignoring()
+            .antMatchers("/resources/**");
     }
 
 }